When leadership gets on board

Why has the Board of Directors suddenly gotten on board with the importance of cybersecurity. For years, security was a four-letter word that meant ‘spend lots of money and get nothing in return’. Suddenly this seemed to be changing. But why?

A couple of months ago I had a deep discussion with a number of CSOs about why the Board of Directors has suddenly gotten on board with the importance of cybersecurity. For years, security was a four-letter word that meant ‘spend lots of money and get nothing in return’. Suddenly this seemed to be changing. But why?

In the middle of this deep discussion, lubricated with plenty of wine, scotch and red meat, someone said, “my CEO came back from Davos this year with a whole new sense of urgency around cybersecurity.” Another CSO noted that her CEO had returned from Davos the year before having “found religion”. What they were referring to is the annual meeting of the World Economic Forum held each winter in Davos, Switzerland. It’s a gathering of leaders, both political and business, who come together to discuss and tackle some of the world’s most pressing issues. Apparently, something was up at Davos, so I decided to take a look.

In 2012, these leaders decided that cybersecurity was a critical-enough economic issue that it needed to be addressed because of the significant risk it poses the global economy. In that year they created the Partnering for Cyber Resilience Initiative. This Initiative was to investigate the issue and report back the following year. In 2013, in addition to agreeing that the greatest risk facing cyber comes from mobile devices, also agreed that cybersecurity needs to be a regular item on the agenda of the Board of Directors. As they put it, “Cybersecurity must be hard-wired into (the) management practice throughout the organization – like brushing your teeth”. It was at this point in my research that everything began to get clear.

Fast forward to January of 2014, this year’s meeting in Davos. The WEF, in partnership with McKinsey & Co., issued their report “Risk and Responsibility in a Hyperconnected World”. In addition to outlining the challenges posed by cybersecurity and a proposed framework for addressing the challenges, it projects that by 2020, the total economic cost of ineffective security will top $3 trillion globally. This is a number that is getting everyone’s attention because it looks not only at direct losses, but also at unrealized value creation as businesses and individuals avoid “digitization” – or the adoption of technology.

The Partnership for Cyber Resilience is headed in the right direction, and is achieving things I didn’t think were possible – getting the attention of senior management. But…not every company or board pays attention to what’s happening at Davos, and that’s unfortunate. If your leadership needs a little “push” in understanding the importance of cybersecurity, please share the WEF/McKinsey report with them.